
How to configure the VPN tunnel to allow only specific ports/protocols on the PIX/Adaptive Security Appliance (ASA)

By default, the security appliance allows IPsec packets to bypass interface access control lists (ACLs), so once traffic is decrypted from a tunnel it is not filtered by the ACL on the interface it arrives on. In order to restrict a VPN tunnel to specific ports or protocols, disable that bypass and filter the tunnel traffic with an interface access list. Complete these steps (in addition to the basic VPN configuration) on the PIX/ASA:

1. Use the no form of these commands in order to disable the ACL bypass: sysopt connection permit-ipsec on PIX version 6.3, and sysopt connection permit-vpn on PIX/ASA version 7.x.

2. Create an access-list for traffic that arrives on the outside interface. Refer to this access-list example in order to allow only Telnet (TCP port 23) traffic:

access-list outside_in extended permit tcp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 eq 23

3. Create an access group and bind it to the outside interface. For example:

access-group outside_in in interface outside
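The three steps above combined into one configuration, as an added example that is not taken from the original post. It uses the post's own network addresses and ACL name (outside_in) and assumes 7.x syntax, that 192.168.1.0/24 is the LAN behind the remote peer and 192.168.2.0/24 is the local LAN, and that the tunnel terminates on an interface named outside. The explicit deny with the log keyword and the show commands at the end are additions for verification and for making dropped tunnel traffic visible in syslog; they are not part of the original steps.

```text
! --- Default (weak) state: decrypted IPsec traffic bypasses interface ACLs ---
! PIX 6.3:
sysopt connection permit-ipsec
! PIX/ASA 7.x:
sysopt connection permit-vpn

! --- Corrected configuration (PIX/ASA 7.x syntax) ---

! Step 1: stop VPN traffic from bypassing the interface ACL
no sysopt connection permit-vpn
! (on PIX 6.3 use:  no sysopt connection permit-ipsec)

! Step 2: permit only Telnet (TCP/23) from the remote LAN to the local LAN
! 192.168.1.0/24 = LAN behind the remote peer (assumed), 192.168.2.0/24 = local LAN (assumed)
access-list outside_in extended permit tcp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 eq 23
! Explicit deny with logging so anything else coming through the tunnel shows up in syslog
! (the ACL already ends in an implicit deny; this line only adds visibility)
access-list outside_in extended deny ip any any log

! Step 3: bind the ACL inbound on the outside interface
access-group outside_in in interface outside

! --- Verification ---
! Confirm the bypass is off (the sysopt line should read "no sysopt connection permit-vpn")
show running-config sysopt
! Confirm the ACL is bound and watch the hit counters move as tunnel traffic arrives
show running-config access-group
show access-list outside_in
```

Note that the interface ACL is evaluated against the decrypted packets, so the source and destination in the access-list entries are the private addresses on either side of the tunnel, not the peer's public address. Any other traffic that is selected by the crypto configuration will still be encrypted and sent through the tunnel by the remote side, but it is dropped by this ACL on arrival; the hit counter on the deny entry is the quickest way to see that the restriction is working.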


  Posted by admin on September 8, 2008 at 6:27 am
